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The Association of British Insurers is the voice of the UK’s world-leading insurance and long- 
term savings industry. A productive, inclusive and thriving sector, our industry is helping Britain 
thrive with a balanced and innovative economy, employing over 300,000 individuals in high- 
skilled lifelong careers, two-thirds of which are outside of London. 


The UK insurance industry manages investments of over £1.7 trillion, pays nearly £12bn in 
taxes to the Government and powers growth across the UK by enabling trade, risk-taking, 
investment and innovation. We are also a global success story, the largest in Europe and the 
fourth largest in the world. 


Founded in 1985, the ABI represents over 200 member companies providing peace of mind to 
households and businesses across the UK, including most household names and specialist 
providers. 


ABI response 


1. We welcome the opportunity to respond to this consultation. We have a number of 
concerns where we believe the guidance as currently drafted could cause significant 
consumer detriment to customers saving towards their retirement and other financial 
planning relating to key life stages and objectives, as well as customers of a range of 
general insurance products. 


2. We also highlight concerns relating to the tension between expectations set out within 
this draft code and those of the FCA, and the need to ensure firms can continue to 
protect consumers and fulfil their regulatory requirements. Elsewhere, we are seeking 
clarity on definitions and wording. 


Service messages 


3. As currently drafted, the definition of “service message” creates potential tensions 
between ICO and FCA requirements. For example, the draft code provides three 
examples of administrative or customer service purposes that would fall outside of the 
requirements relating to processing of personal data for direct marketing purposes for 
contacting a customer. The examples provided are to: 

- remind them how to contact you in case of a problem; 

- check that their details are correct; or 

- update them on your terms and conditions. 


4. While this list is not presented as an exhaustive list, we believe it should be expanded to 
illustrate other important concerns that should be classified as service messages, for 
instance, this should specifically include the ability for firms to communicate with 
customers with information to support their understanding and awareness of ways in 
which they can take steps to enhance their long-term savings outcomes, or switch to 
alternative products that may be better suited to them. 


5. For a number of reasons, not least the fact that the saving towards retirement is the very 
antithesis of immediate gratification, engagement levels with pensions are already 
low. We would be concerned if the ICO guidance listing only these three examples could 
inadvertently further reduce insurers’ ability to engage with their customers on such an 
important matter to people’s financial wellbeing. This would counteract wider 
government and regulatory policy initiatives, for example by the FCA (FS19/5: Effective 
competition in non-workplace pensions) and DWP (e.g. DWP single Departmental Plan, 
February 2020) to develop policy that supports greater engagement with pensions and 
ultimately better consumer outcomes. 


6. In addition, we must point out that insurers and long-term savings providers are required 
to comply with FCA such as the Insurance Distribution Directive. These rules, including 
the central Treating Customers Fairly requirement, place a strong focus on delivering the 
right customer outcomes and ensure that they are kept appropriately informed during the 
lifecycle of their product. In line with the FCA’s outcomes-based approach to regulation, 
these are not prescribed in great detail but they require firms to adopt an approach that 
works for their particular products and consumer target markets and this may include 
actively promoting better customer outcomes by highlighting the benefits and 
encouraging consumers to engage with their savings or pension product. 


7. We note the definition of “service messages” seems to go beyond previous ICO 
determinations (e.g. EE Monetary Penalty Notice, 20 June 2019, which stated “if a 
message includes any significant promotional material...that message is no longer a 
service message). It means a larger number of communications could fall into the 
category of direct marketing communications, and we are concerned that, given there is 
such a heavy reliance on consent as a lawful basis, those who do not consent to direct 
marketing will be disadvantaged and not kept informed about a range of issues affecting 
the performance of their long-term savings or other financial or insurance products. 


Regulatory communications 


8. Similar concerns apply to the descriptions of regulatory communications in the draft code 
and we would encourage the ICO to consider a broader scope. 


9. We would also note that we interpret the description of a regulatory communication as 
drafted to mean that it would not be necessary to fulfil all three of these requirements in 
order to satisfy the “regulatory communication” test, and therefore ask that for clarity, the 
“and” be replaced with “or”. 


10.Here, there are further tensions between the ICO’s draft code and FCA requirements. 
For example, the FCA’s Policy Statement PS20/3: “Signposting to travel insurance for 
consumers with medical conditions” will soon require firms that sell travel insurance to 
signpost customers to a directory of specialist firms that provide travel insurance for 
consumers with medical conditions. The ICO’s draft guidance could see the emails sent 
in furtherance of this objective as direct marketing, contrary to their objective and nature 
and in direct tension with the FCA’s rules. 


11.We are seeking a greater alignment within the guidance between the ICO’s definition of 
regulatory communications and service messages, with the FCA’s Treating Customers 
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Fairly requirements and other financial services regulatory requirements relating to 
communications with customers, including the Insurance Distribution Directive. To this 
end, it would also be helpful for the code to include a specific example where insurance 
and long-term savings firms can communicate to their customers in line with their FCA 
regulatory obligations, without this being captured as a form of direct marketing. We 
believe this would support firms in their aims to protect consumers and fulfil their 
regulatory requirements. 


12.In other areas of the guidance, we seek further clarity on the following sections: 
Generating Leads and collecting contact details 


13.On “Disproportionate effort”, the guidance notes that if the processing has a “minor effect 
on the individual” then a firm may assess that it is not proportionate to put significant 
effort into informing individuals. We seek clarification on what is considered to be a 
“minor effect” as well as clear examples to ensure this is not ambiguous. 


Legitimate interests basis 


14.We note that consent as a lawful basis is covered to a far greater extent as a lawful basis 
for direct marketing than legitimate interests. Whilst there are a number of areas where it 
is stated that it is not possible to rely on legitimate interest, it is sometimes unclear how 
the ICO has come to this conclusion and which limb/s of the legitimate interest basis are 
not satisfied. We would value more emphasis on when legitimate interests may and may 
not be used and examples to provide further clarity. 


15.In conclusion, we are seeking that the draft code is amended to mitigate the potential for 
consumer detriment in a financial services context. We believe this may be achieved in a 
number of ways, for example by widening the scope of the definitions and descriptions 
relating to “service messages” and “regulatory communications”, by including more 
examples that show services and regulatory communications that would not fall into the 
scope of direct marketing, and by expanding the code on the options available to process 
data under legitimate interests as a lawful basis under the GDPR. We are also seeking 
that the draft code is reviewed with regard to the way the code currently interacts with 
FCA requirements on financial services firms and their customers, and that steps are 
taken to mitigate damage to customers if they do not receive information relating to a 
range of long-term savings, protection and general insurance products. 
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